BotNet News

Your source for Online Security News

Ransomware

Ransomware is malware that locks up a business or individual’s data and demands payment for the return of access. Attackers typically use a combination of social engineering and exploiting vulnerabilities to gain initial system access. After gaining control, attackers will either encrypt specific files or deny access to entire systems. Attackers will then display a message, often changing the background of the affected device, demanding a set amount of cryptocurrency as a ransom in order to restore access to data.

Some markets are particularly tempting targets for attackers, such as hospitals or other medical orgs. Attackers know that victims will be more likely to pay a relatively low ransom than would be the case for most other companies, especially if lives are in the balance. Attackers have also become more creative in their methods of collecting payments, with some requiring Apple iTunes gift cards or cryptocurrencies like Bitcoin.

In some cases, attackers will even threaten to expose a victim’s data publicly as a way of adding extra incentive to pay the ransom. Maze, one of the more notorious types of ransomware, used this technique when it was first launched.

Whether it’s an old-school variant like Petya or more sophisticated modern programs like Ryuk, the best way to deal with ransomware is always to report it. Doing so can help law enforcement develop decryptors that can ultimately reduce the need for paying the ransom. For companies that do encounter ransomware, following their written incident response plan should be a priority. This should include notifying the company’s insurance carrier at the outset and ensuring that any communication with attackers takes place through an attorney. This can protect the investigation from discovery and legal claims, reducing exposure in the event of a data breach lawsuit.